[PATCH 2/2] Add single-threaded fast path to rand()

Adhemerval Zanella Netto adhemerval.zanella@linaro.org
Fri Mar 22 14:46:18 GMT 2024



On 22/03/24 11:27, Zack Weinberg wrote:
> On Thu, Mar 21, 2024, at 11:53 AM, Adhemerval Zanella Netto wrote:
>> And even if arc4random is explicit a non CPRNG, there were some worries that 
>> users might misuse the interface and thus add some security issues.
> 
> No opinion about anything else in this thread, but if we add arc4random at all
> it MUST be a CSPRNG.  That's a documented guarantee on all the systems that
> do have it, and applications rely on it.

Yeah, this is another point of contention where one might consider that a
userland CPRNG that has no feedback from kernel to where/how to properly
reseed might not be considered a CPRNG. 


More information about the Libc-alpha mailing list